Created
August 10, 2015 22:12
-
-
Save brettbatie/48443fb111b44c0cedc5 to your computer and use it in GitHub Desktop.
Secure PlayFramework by default. http://stackoverflow.com/questions/31841240/intercept-request-and-check-authorization-in-playframework
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Target({ ElementType.TYPE, ElementType.METHOD }) | |
| @Retention(RetentionPolicy.RUNTIME) | |
| public @interface NoAuthRequired {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class RequestHandler extends DefaultHttpRequestHandler { | |
| @Override | |
| public Action createAction(Http.Request request, Method actionMethod) { | |
| return new Action.Simple() { | |
| @Override | |
| public F.Promise<Result> call(Http.Context ctx) throws Throwable { | |
| // if the action is annotated with @NoAuthRequired or user is logged in delegate to it | |
| if (actionMethod.isAnnotationPresent(NoAuthRequired.class) || ctx.session().containsKey("loggedIn")) { | |
| return delegate.call(ctx); | |
| } | |
| // otherwise, block access | |
| else { | |
| return F.Promise.pure(forbidden("You're not allowed")); | |
| } | |
| } | |
| }; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment